Back to search
CVE-2019-12405
Published: Sep 9, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
| Vendor | Product | Versions |
|---|---|---|
Apache | Traffic Control | affected 3.0.0 and 3.0.1 |
References
[trafficcontrol-users] 20190906 CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability
mailing-list
x_refsource_MLIST
https://support.f5.com/csp/article/K84141859
x_refsource_CONFIRM
[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link
mailing-list
x_refsource_MLIST
[trafficcontrol-commits] 20211011 [trafficcontrol-website] 01/02: Add CVE-2021-42009
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now